Vulnerability
Bad Cisco configuration
Affected
Cisco 2509/2511
Description
Albert Siersema pointed out an old one, but people do configure
Cisco this way and forget to do a:
transport input none
on their 'line 1 16' (or whatever) config. If you are using
clear text authentication with tacacs, only the next lines are
needed in the config for lines 1 20 (by Gustavo Lozano):
line 1 20
login tacacs
If you use the default values ('telnet' possibly) and you have no
filters (stupid idea too) on your Cisco then someone is able to
use ports 2001 and up to connect to one of the devices attached
to it. If this is a modem that same person can type any AT
command he/she wants.
Solution
Erdinc Kaya proposed following: first enter conf terminal mode
and then in line 1 16 enter "modem ri-is-cd" command.. it makes a
protection to the port 2001-2-3-4 (modem attached ports) and when
you telnet to these ports the connection will be closed
(refusing)..